Masjesu IoT DDoS botnet activity

Malware Activity
Happening score: 39
1 unique source, 1 article

Summary

The Masjesu botnet is actively infecting IoT devices and using them for DDoS attacks, creating a distributed attack platform that can generate large traffic floods. It has been operating since at least 2023 and is advertised to Chinese- and English-speaking users. Infections have been observed across Vietnam, Brazil, India, Iran, Kenya, and Ukraine. Its broad device footprint makes it a persistent cross-border abuse platform.

Timeline

  1. 08.04.2026 14:49 2 articles · 1mo ago

    Masjesu botnet technical analysis and disclosure

    Technical Analysis Update

    Masjesu is a DDoS botnet active since at least 2023 that infects IoT devices and advertises large-volume attack services on Telegram to Chinese- and English-speaking users. It spreads through vulnerabilities in D-Link routers, GPON routers, Huawei home gateways, MVPower DVRs, Netgear routers, UPnP services, and other devices. Infected hosts are hardened for persistence with renamed binaries and cron jobs and expose remote access through a hardcoded TCP port. The malware stores sensitive configuration strings in encrypted form and uses multiple C&C domains and fallback IPs. It can launch UDP, TCP, VSE, GRE, RDP, OSPF, ICMP, IGMP, TCP_SYN, TCP-ACK, TCP-ACKPSH, and HTTP floods.
